Add ManagedUserTokenFetcher to fetch scoped-down tokens.

chrome/browser/managed_mode/managed_user_refresh_token_fetcher.h

Index: chrome/browser/managed_mode/managed_user_refresh_token_fetcher.h
diff --git a/chrome/browser/managed_mode/managed_user_refresh_token_fetcher.h b/chrome/browser/managed_mode/managed_user_refresh_token_fetcher.h
new file mode 100644
index 0000000000000000000000000000000000000000..413455bb385afa7ab0d9f6735e8fee7e3c930440
--- /dev/null
+++ b/chrome/browser/managed_mode/managed_user_refresh_token_fetcher.h
@@ -0,0 +1,50 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_MANAGED_MODE_MANAGED_USER_REFRESH_TOKEN_FETCHER_H_
+#define CHROME_BROWSER_MANAGED_MODE_MANAGED_USER_REFRESH_TOKEN_FETCHER_H_
+
+#include <string>
+
+#include "base/callback_forward.h"
+#include "base/compiler_specific.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/string16.h"
+
+class GoogleServiceAuthError;
+class OAuth2TokenService;
+
+namespace net {
+class URLRequestContextGetter;
+}
+
+// This class fetches an OAuth2 refresh token that is tied to a managed user ID
+// and downscoped to a special scope for Chrome Sync for managed users.
+// Fetching the token consists of the following steps:
+//   1. Get an access token for the custodian from OAuth2TokenService

[Andrew T Wilson (Slow), 2013/05/29 12:05:33]

very minor nit: this is a sentence, so should use sentence punctuation (have a
period at the end)

[Bernhard Bauer, 2013/05/29 12:56:56]

Done.

+//      (either cached or fetched)
+//   2. Call the IssueToken API to mint a scoped authorization code for a
+//      refresh token managed user from the custodian's access token.

[Andrew T Wilson (Slow), 2013/05/29 12:05:33]

"refresh token for the managed user"

[Bernhard Bauer, 2013/05/29 12:56:56]

Urr, yes. Done.

+//   3. Exchange the authorization code for a refresh token for the managed
+//      user and return it to the caller. The refresh token can only be used to
+//      mint tokens with the special managed user Sync scope.
+class ManagedUserRefreshTokenFetcher {
+ public:
+  typedef base::Callback<void(const GoogleServiceAuthError& /* error */,
+                              const std::string& /* refersh_token */)>

[Andrew T Wilson (Slow), 2013/05/29 12:05:33]

nit: refersh->refresh

[Bernhard Bauer, 2013/05/29 12:56:56]

Argh, done.

+      TokenCallback;
+
+  static scoped_ptr<ManagedUserRefreshTokenFetcher> Create(
+      OAuth2TokenService* oauth2_token_service,
+      net::URLRequestContextGetter* context);
+
+  virtual ~ManagedUserRefreshTokenFetcher();
+
+  virtual void Start(const std::string& managed_user_id,
+                     const string16& name,
+                     const std::string& device_name,
+                     const TokenCallback& callback) = 0;
+};
+
+#endif  // CHROME_BROWSER_MANAGED_MODE_MANAGED_USER_REFRESH_TOKEN_FETCHER_H_